Releases: isovalent/hubble-releases
Releases · isovalent/hubble-releases
v0.11.1-cee.1
See open source notes for details.
Enterprise Features
- Fixes an issue in the newly introduced
hubble logout
command. Previously it was removing the incorrect file.
v0.11.0-cee.1
See open source notes for details.
Enterprise Features
- Add support for flow aggregation. Run
hubble observe --help
to see the aggregation related flags and their associated help. This functionality is only available when interacting with Cilium Enterprise Hubble or Hubble Timescape. - Add
hubble logout
to logout of an OIDC provider. - Add a timeout to of 2 minutes to
hubble login
when using browser based authorization code flow.
v0.10.0-cee.2
v0.10.0-cee.1
See open source notes for details.
Enterprise Features
hubble login
now supports--token-file
for specifying the path to an existing ID token to use for authentication.hubble login
now always uses ID tokens for authentication. Previously it would use the access token.hubble login
now lazily fetches credentials when an RPC is made, avoiding prompts when running commands which do not require credentials (eg;hubble --help
).hubble login
now supports the browser based Authorization code flow. This method is recommended over password based authentication as it has better security, and is more widely supported by OIDC providers.hubble login
can be configured to request specific scopes using the--scopes
flag.hubble login
can manually refresh tokens using the--refresh
flag if the login credentials contains a refresh token.hubble
now supports specifying the OIDC issuer CA on all commands using the--issuer-ca
flag. This is useful when connecting to an OIDC provider with a self-signed certificate.
Breaking changes
- When using authentication, TLS is now required. Previously it was optional when connecting to a unix socket or localhost. Users can still bypass TLS verification with
--tls-allow-insecure
, but--tls
will be required. - When using Okta,
hubble
now correctly uses theID token
for authentication tohubble-rbac
instead of theAccess Token
. See the Hubble RBAC and Okta documentation for how to configure Okta, and hubble-rbac v1.1.0 release notes for details.
v0.10.0-cee.1.rc2
See open source notes for details.
Enterprise Features
hubble login
now supports--token-file
for specifying the path to an existing ID token to use for authentication.hubble login
now always uses ID tokens for authentication. Previously it would use the access token.hubble login
now lazily fetches credentials when an RPC is made, avoiding prompts when running commands which do not require credentials (eg;hubble --help
).hubble login
now supports the browser based Authorization code flow. This method is recommended over password based authentication as it has better security, and is more widely supported by OIDC providers.hubble login
can be configured to request specific scopes using the--scopes
flag.hubble login
can manually refresh tokens using the--refresh
flag if the login credentials contains a refresh token.hubble
now supports specifying the OIDC issuer CA on all commands using the--issuer-ca
flag. This is useful when connecting to an OIDC provider with a self-signed certificate.
Breaking changes
- When using authentication, TLS is now required. Previously it was optional when connecting to a unix socket or localhost. Users can still bypass TLS verification with
--tls-allow-insecure
, but--tls
will be required. - When using Okta,
hubble
now correctly uses theID token
for authentication tohubble-rbac
instead of theAccess Token
. See the Hubble RBAC and Okta documentation for how to configure Okta, and hubble-rbac v1.1.0 release notes for details.
v0.10.0-cee.1.rc1
See open source notes for details.
Enterprise Features
hubble login
now supports--token-file
for specifying the path to an existing ID token to use for authentication.hubble login
now always uses ID tokens for authentication. Previously it would use the access token.hubble login
now lazily fetches credentials when an RPC is made, avoiding prompts when running commands which do not require credentials (eg;hubble --help
).hubble login
now supports the browser based Authorization code flow. This method is recommended over password based authentication as it has better security, and is more widely supported by OIDC providers.hubble login
can be configured to request specific scopes using the--scopes
flag.hubble login
can skip refreshing tokens using the--refresh=false
flag. This is useful when a user is requesting new scopes with the new--scope
flag, as refresh tokens can only obtain new ID tokens with the scopes used to obtain the refresh token.hubble
now supports specifying the OIDC issuer CA on all commands using the--issuer-ca
flag. This is useful when connecting to an OIDC provider with a self-signed certificate.
Breaking changes
- When using authentication, TLS is now required. Previously it was optional when connecting to a unix socket or localhost. Users can still bypass TLS verification with
--tls-allow-insecure
, but--tls
will be required. - When using Okta,
hubble
now correctly uses theID token
for authentication tohubble-rbac
instead of using theAccess Token
. See the Hubble RBAC and Okta documentation for how to configure Okta, and hubble-rbac v1.1.0 release notes for details.
v0.8.2-cee.2
See open source notes for details.
Enterprise Features
- fix for
hubble login
bug that does not initialize the config directory for storing client information for making oidc requests.
v0.8.2-cee.1
See open source notes for details.
Enterprise Features
hubble login
logs hubble into an OIDC provider. See enterprise documentation for details.
v0.7.1-cee.2
This release is based on OSS Hubble v0.7.1. Please see open source release notes for the list of upstream changes.
Enterprise Features
- Add
--token-file
flag to specify the path to a file that contains an authentication token to pass along when doing requests.